iPhone 4 has finally been
jailbroken, thanks to the hard work of the Apple Dev Team.
An unlock is expected to soon follow.Unfortunately, the route
used to jailbreak the phone appears to be just as readily exploited
for less noble purposes. The method used by www.jailbreakme.com
involves navigating to a website with a PDF document. Due to
poor programming, the PDF is allowed to execute code that would
normally be disallowed. For the jailbreakers, this means
executing code that will free your phone from Apple's walled
garden.However, for malicious
hackers, this exploit could allow for the theft of your address
book, text message database, pictures, and more on any iPhone 4.
Reportedly, the method has not yet been broadly published, but will
soon be publicly disclosed. At that point, black hat hackers
will be able to have a field day.Apple likely will jump at
the opportunity to patch this hole, locking out jailbreakers in the
process. As jailbreaking was recently ruled
legal in amendments to the Digital Millennium Copyright Act,
Apple might otherwise find it harder to justify moving to
deliberately shut out the jailbreakers.You can use iFile or
SSH on the iPhone to install a browser plugin called "PDF
Loading Warner", which will ask for permission whenever a site
wants to display a PDF file. You can get the .deb file here.
A standard installer should be available on Cydia in the next couple
of days.Until you get that, it's recommended that you limit
your browsing to known trusted sites only. Again, this exploit
applies to all iPhone
4 users --
not just the ones who jailbroke their phones.
UPDATED: Aug. 3, 2010 1:55 p.m.-
To clarify both iPhone OS 4 and iPhone OS 3 are vulnerable. This means that virtually any iPhone 3G, 3GS, or iPhone 4 is at risk. The vulnerability stems from a problem in how the mobile Safari browser processes Compact Font Format (CFF) data. When it encounters this data -- typically found in PDF documents -- a memory corruption error results, allowing the execution of arbitrary code, including malicious commands.
A full post on this, courtesy of McAffee antivirus researcher David Marcus (sourcing a vulnerability assessment by Vupen) can be found here.
UPDATED 2: Aug. 8, 2010 9:30 p.m.
Apple's has announced plans to remedy the woefully poor parsing code in its mobile Safari browser. Speaking with CNET, an Apple spokesperson remarked, "We're aware of this reported issue, we have already developed a fix and it will be available to customers in an upcoming software update."
The fix reportedly will block both the exploit that allows unauthorized code to run in the sandbox, and an even more dangerous (or useful, depending on your perspective) exploit that allows code to escape the sandbox and grants root permissions.
The fix will likely be delivered via the iOS 4.1 update, which is currently being beta tested by developers. The current OS software version is iOS 4.01.
quote: Sandbox: a virtual container in which untrusted programs can be safely run
quote: Walled garden: a closed or exclusive set of information services provided for users